Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-2628
HistoryMar 12, 2018 - 12:00 a.m.

CVE-2017-2628

2018-03-1200:00:00
ubuntu.com
ubuntu.com
15

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

77.5%

curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53,
did not correctly backport the fix for CVE-2015-3148 because it did not
reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by
USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL
6 curl only.

Notes

Author Note
mdeslaur Is an issue in Red Hat’s backport as their old version doesn’t have USE_HTTP_NEGOTIATE. Doesn’t affect precise and newer.

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

77.5%